American drones compromised by virus

Independent sources are reporting that the United States’ fleet of unmanned aerial vehicles (UAV) has been compromised by a virus, potentially threatening the reliability of the drones during combat as well as operational security before missions.

The ‘keylogger’ spyware that crept into cockpit programming of predator and reaper drones has not prevented their continued use over Afganistan, in Lybia’s skies and elsewhere, but the extent of the breech is not known now, one insider reported to Wired magazine.

“We keep wiping it off, and it keeps coming back,” says one of three sources that told Wired’s Danger Room about the virus. “We think it’s benign. But we just don’t know.”

Though Reapers and Predators have been flying missions in distant theatres of combat, killing al Qaeda operatives in Pakistan, locating Saddam Hussein in Iraq and taking reconnaissance pictures in the Libyan skies, their pilots remotely control them elsewhere.

The UAVs under Air Force command are operated by two or three man teams at Creech Air Base in the Mojave Desert, Nevada.

130 Predators and 48 Reapers carrying Hellfire missiles are flown by the US Air Force in various mission capacities.

It is believed a disc drive containing the malware was physically mated with a terminal here, infecting the system but detected eventually by the Host Based Security System programmed by the Defense Information Security Agency (DISA), a digital wing of the Department of Defense (DoD).

The DoD does not comment on its vulnerabilities as a matter of course, but network security specialists told The Danger Room that this virus has managed to avoid quarantine and removal.

If this is to be believed, the Pentagon’s Cyber Crime Center (DC3), a forensics analysis institute will likely be examining the possibility that this particular code is rewriting itself from a central source.

The budget allocations for cyber security have grown consistently, reflecting the acknowledgement of increased vulnerability of critical digital infrastructure to attack.

Under the Pentagon’s ‘Cyber 3.0’ strategy, $3.2 billion will be dedicated to building and sustaining defensive measures against the swarming threat from individual hackers, more malicious organised groups and nation-states.

One source posits that even another cyber security department within the DoD could have deployed the keylogger as a monitoring test to evaluate the system's integrity.

In 2009, an seized insurgent computer terminal belonging to a neutralised Iraqi showed hours of hacked footage from drone sorties, proving easy access to the UAVs' feed. It was determined that the insurgents hacked the system using software bought off-the-shelf for $26.

This year’s Cyber Security Awareness Month, just begun, will likely have the integrity of the drones prominently integrated into discussions.